Search for vulnerabilities
Vulnerability details: VCID-sxrp-vxyu-aaap
Vulnerability ID VCID-sxrp-vxyu-aaap
Aliases CVE-2009-0195
Summary Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0195.html
rhas Important https://access.redhat.com/errata/RHSA-2009:0429
rhas Important https://access.redhat.com/errata/RHSA-2009:0430
rhas Important https://access.redhat.com/errata/RHSA-2009:0431
rhas Important https://access.redhat.com/errata/RHSA-2009:0458
rhas Important https://access.redhat.com/errata/RHSA-2009:0480
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0399
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0400
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10286 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10435 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10435 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.10435 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.15816 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.38438 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.38438 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.38438 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.38438 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
epss 0.42774 https://api.first.org/data/v1/epss?cve=CVE-2009-0195
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-0195
generic_textual Medium https://ubuntu.com/security/notices/USN-759-1
generic_textual Medium https://ubuntu.com/security/notices/USN-973-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-759-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-973-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0195.html
http://rhn.redhat.com/errata/RHSA-2009-0458.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0195.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34756
http://secunia.com/advisories/34963
http://secunia.com/advisories/35064
http://secunia.com/secunia_research/2009-17/
http://secunia.com/secunia_research/2009-18/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10076
https://ubuntu.com/security/notices/USN-759-1
https://ubuntu.com/security/notices/USN-973-1
https://usn.ubuntu.com/usn/usn-759-1
https://usn.ubuntu.com/usn/usn-973-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://www.securityfocus.com/archive/1/502759/100/0/threaded
http://www.securityfocus.com/archive/1/502762/100/0/threaded
http://www.securityfocus.com/bid/34791
http://www.vupen.com/english/advisories/2010/1040
524809 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809
cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
CVE-2009-0195 https://nvd.nist.gov/vuln/detail/CVE-2009-0195
GLSA-201310-03 https://security.gentoo.org/glsa/201310-03
RHSA-2009:0429 https://access.redhat.com/errata/RHSA-2009:0429
RHSA-2009:0430 https://access.redhat.com/errata/RHSA-2009:0430
RHSA-2009:0431 https://access.redhat.com/errata/RHSA-2009:0431
RHSA-2009:0458 https://access.redhat.com/errata/RHSA-2009:0458
RHSA-2009:0480 https://access.redhat.com/errata/RHSA-2009:0480
RHSA-2010:0399 https://access.redhat.com/errata/RHSA-2010:0399
RHSA-2010:0400 https://access.redhat.com/errata/RHSA-2010:0400
USN-973-1 https://usn.ubuntu.com/973-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0195
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92457
EPSS Score 0.10286
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.